Question 1 (5+2+8=15 marks)

a) Define the terms confidentiality, integrity, availability, authenticity, and accountability in the context of Internet security.

b) Cryptographers and cryptanalysts are both interested in cryptography. Explain each of their roles, and how they differ.

c) With the aid of a diagram, describe a three-round Feistel encryption scheme of a block of data with length 2w and a key K.


Question 2 (2+5+6+2=15 marks) 


a) If Alice sends a plaintext message to Bob, what does Bob need to prove that Alice did send the message (even if she later denies having done so)?

b) How can public key cryptography be used to implement your solution to (a)?

c) Explain how the RSA algorithm could achieve your implementation in (b).

d) Name and give a one-sentence description of an alternate algorithm that could be used in place of RSA.


Question 3 (2+2+11=15 marks) 


a) What is the role of an Authentication Server (AS) in Kerberos?

b) What is the role of a Ticket Granting Server (TGS) in Kerberos?

c) Describe the principles involved in a client first authenticating him or herself, and then later establishing a secure communication session with another server.


Question 4 (4+2+4+10=20 marks) 


a) Give two kinds of threats that can affect the confidentiality of a Web service, explain their consequences, and give possible countermeasures.

b) What is the difference between SSL and TLS? Explain why HTTPS can use either SSL or TLS.

c) Explain how a secure communication is established using the HTTPS protocol.

d) Assume a system S is running an SSH server to which you have the ability to connect. S is on a network that has access to a host H that is not directly available from your client machine C. How can you use your connection to S to establish a secure connection from C to H?

Question 5 (3+3+4+5=15 marks)

a) With the aid of a diagram, explain how a Virtual Private Network (VPN) can be set up over the Internet.

b) Describe three types of malicious software.

c) Statistical anomaly detection falls into two broad categories: threshold detection and profile-based detection. Explain the difference between these two approaches, and why threshold analysis is often ineffective.

d) What is deep packet inspection, and how can it be used? What are the practical implications of using deep packet inspection with stateful firewalls?


Question 6 (5+5+10=20 marks) 


a) With the aid of a diagram, explain the purpose and function of the Extensible Authentication Protocol (EAP). Include descriptions of two of the commonly supported EAP methods.

b) You have been tasked with designing a secure wireless network. Detail five threats to wireless networks, why these threats require different solutions to wired networks, and how you would mitigate the risks of these threats.

c) Online social network Facebook has recently rolled out a feature where users can add a PGP key to their profile and allow all email messages sent from Facebook to be secured with that key. Users are also able to share their key publicly, meaning that Facebook is now acting as a key distribution server. Given that Facebook had over 1 billion active users in the first half of 2015, do you feel that this move will increase the popularity of PGP? Give arguments to support your answer.